Glossary
This glossary defines the foundational concepts and unified vocabulary used across the ContextUnity repository. For deeper dives, follow the cross-reference links attached to each definition.
Architecture Elements
B2B / Tenant Isolation
The separation of data and operational scope between different organizations (Tenants) within the same centralized database/service. In ContextUnity, this is strictly enforced by PostgreSQL Row-Level Security (RLS) linked to the ContextToken.
See: ContextUnity Security Scope
B2C / User Isolation
The fine-grained separation of data between individual users within the same tenant (e.g. personal medical records inside a hospital’s namespace). Enforced via dual-dimensional PostgreSQL RLS (app.current_user).
mTLS (Mutual TLS)
A zero-trust networking concept where both the client and the server cryptographically prove their identity using physical certificates before establishing a TCP connection. See: Transport Security
Protocol & Execution
ContextUnit
The universal data transfer object (DTO) that flows between all ContextUnity services. It standardizes payloads, tracking metadata, trace provenance, and context states, acting as the single ‘blood cell’ of the platform’s nervous system. See: ContextUnit Protocol
ContextToken
A stateless, cryptographically signed JSON Web Token-like structure that carries authentication, permissions, and tenant scope. It eliminates the need for database lookups during service-to-service communication. See: ContextToken Security
RLM (Recursive Language Model)
An inference strategy where an LLM recursively calls itself within a sandboxed REPL environment to decompose complex tasks, overcome context limitations, and execute tools dynamically.
Interceptor
A gRPC middleware component that executes before or after an RPC call. ContextUnity relies heavily on interceptors for automatic token decryption, validation, and permissions enforcement (ServicePermissionInterceptor).
See: Security Integration
Services (The Mesh)
ContextRouter (Mind)
The central intelligence component of the ecosystem. It orchestrates agentic workflows (via Pydantic AI and LangGraph), executes recursive tool calling (RLM), and coordinates requests across the mesh. See: ContextRouter Overview
ContextBrain (Memory)
The semantic memory, knowledge graph, and vector database backing the ecosystem. It provides hybrid RAG search and episodic memory storage, using PostgreSQL (pgvector / ltree).
See: ContextBrain Overview
ContextCore (Kernel)
The shared foundation of the ecosystem. It provides the unified ContextUnit protocol, token validation structures, typing, gRPC contracts (.proto), and basic logging/configuration utilities.
See: ContextCore Overview
ContextShield (Security)
The enterprise security layer. It provides zero-trust KMS (Key Management) backing for token signing, gRPC Vault APIs for managing application secrets, and the AI Firewall for Prompt Injection defense. See: ContextShield Overview
ContextZero (Privacy / Gateway)
The privacy and anonymization proxy. It redacts Personally Identifiable Information (PII) before requests reach LLM providers and restores it in the responses on return. It also acts as the API Gateway for external REST traffic. See: ContextZero Overview
ContextCommerce (Platform)
The Product Information Management (PIM) and Harvester platform. Used for large-scale data ingestion, taxonomy classification, and semantic product matching. See: ContextCommerce Overview
ContextWorker (Hands)
The background execution engine built entirely on HashiCorp/Temporal infrastructure. It runs durable, retryable, long-running workflows (e.g., mass taxonomy classification jobs). See: ContextWorker Overview
ContextView (Observability)
The central observability and admin dashboard. It provides a visual interface for managing tenants, viewing execution traces, configuring project schemas, and interacting with the system as a Human-in-the-Loop. See: ContextView Overview